farhanahmed
Staff
December 26, 2024

Technical Tip: How to get total log count in Log View

Description: This article describes how to see the total log count in Log View.

Scope: FortiAnalyzer.

Solution:

Go to Log View -> Logs (in older versions, select FortiGate) and select the type of logs, e.g. Traffic. Search filters can be added. The bottom of the screen shows 'x.x seconds'; select that to view the total logs.

[Screenshot: log_view1.png]

v7.4.x (v7.4.4 and higher) does not show the total count. Instead, the total count is fetched by selecting the 'Get Total Count' button.

[Screenshot: log_view2.png]

The total log count of Log View can also be fetched using the API:

  1. Create a log search to generate a Task ID ('tid'). Search filters can be added; here a filter is added to search all logs with action 'all-accept'.

    {
        "id": "2",
        "jsonrpc": "2.0",
        "method": "add",
        "params": [
            {
                "case-sensitive": false,
                "filter": "smart_action=\"all-accept\"",
                "logtype": "traffic",
                "time-order": "desc",
                "time-range": {
                    "start": "2024-09-16 09:42:38",
                    "end": "2024-12-25 09:42:38"
                },
                "limit": 50,
                "url": "/logview/adom/{{ADOM}}/logsearch/",
                "device": [
                    {
                        "devid": "All_FortiGate"
                    }
                ],
                "apiver": 3
            }
        ],
        "session": "{{session}}"
    }

Sample output:

[Screenshot: 1.png]

  2. Use the 'tid' from step #1 to get the log count:

    {
        "id": "3",
        "jsonrpc": "2.0",
        "method": "get",
        "params": [
            {
                "url": "/logview/adom/{{ADOM}}/logsearch/count/{{tid}}",
                "apiver": 3
            }
        ],
        "session": "{{session}}"
    }


Sample output:

[Screenshot: 2.png]

Note:

To get a final 'matched-logs' counter for a large volume of logs, it may be necessary to send an API request with the same 'tid' multiple times until 'progress-percent: 100' is received in the API response.

2026-02-17 18:08:52 [T3722:fazsvc_session.c:1952] jsonapi response={ "jsonrpc": "2.0", "id": "3", "result": { "total-logs": 1817001, "scanned-logs": 208111, "matched-logs": 168115, "elapsed-time-ms": 1, "estimated-remain-sec": 0, "progress-percent": 0, "status": { "code": 0, "message": "succeeded" } } }.

2026-02-17 18:08:57 [T3722:fazsvc_session.c:1952] jsonapi response={ "jsonrpc": "2.0", "id": "3", "result": { "total-logs": 1817001, "scanned-logs": 208111, "matched-logs": 168115, "elapsed-time-ms": 4959, "estimated-remain-sec": 7, "progress-percent": 11, "status": { "code": 0, "message": "succeeded" } } }.

2026-02-17 18:09:01 [T3721:fazsvc_session.c:1952] jsonapi response={ "jsonrpc": "2.0", "id": "3", "result": { "total-logs": 1817001, "scanned-logs": 1817001, "matched-logs": 1507790, "elapsed-time-ms": 5, "estimated-remain-sec": 0, "progress-percent": 100, "status": { "code": 0, "message": "succeeded" } } }.
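
The two steps and the polling note above, combined into one bounded loop. This is an added example, not Fortinet's code: the 'send' transport, the placeholder ADOM and session values, the 'tid' value, and the location of 'tid' in the step 1 reply are assumptions, and the sample replies are constructed from the counters in the log excerpt above.

```python
import time

OK = {"code": 0, "message": "succeeded"}

def search_payload(adom, session, log_filter, start, end):
    """Step 1 body, same fields as the article's request."""
    return {"id": "2", "jsonrpc": "2.0", "method": "add", "session": session,
            "params": [{"case-sensitive": False, "filter": log_filter,
                        "logtype": "traffic", "time-order": "desc",
                        "time-range": {"start": start, "end": end},
                        "limit": 50, "url": f"/logview/adom/{adom}/logsearch/",
                        "device": [{"devid": "All_FortiGate"}], "apiver": 3}]}

def count_payload(adom, session, tid):
    """Step 2 body: ask for the counters of search task `tid`."""
    return {"id": "3", "jsonrpc": "2.0", "method": "get", "session": session,
            "params": [{"url": f"/logview/adom/{adom}/logsearch/count/{tid}",
                        "apiver": 3}]}

def total_matched_logs(send, adom, session, log_filter, start, end,
                       interval=2.0, max_polls=60, sleep=time.sleep):
    """Create the search, then poll its count until progress-percent is 100."""
    # `send` is a hypothetical transport: request dict in, decoded JSON out.
    reply = send(search_payload(adom, session, log_filter, start, end))
    tid = reply["result"]["tid"]  # assumed location of 'tid' in the reply
    for _ in range(max_polls):
        result = send(count_payload(adom, session, tid))["result"]
        if result["status"]["code"] != 0:
            raise RuntimeError(f"count failed: {result['status']['message']}")
        if result["progress-percent"] == 100:
            return result["matched-logs"]  # earlier values are partial
        sleep(interval)
    raise TimeoutError(f"search {tid} not finished after {max_polls} polls")

def replay(responses):
    """Constructed stand-in for the appliance: returns canned replies in order."""
    queue = iter(responses)
    return lambda payload: next(queue)

# Constructed replies; counters copied from the log excerpt, tid made up.
SAMPLE = [{"result": {"tid": 1001}}] + [
    {"result": {"matched-logs": m, "progress-percent": p, "status": OK}}
    for m, p in [(168115, 0), (168115, 11), (1507790, 100)]]

if __name__ == "__main__":
    print(total_matched_logs(replay(SAMPLE), "ADOM_NAME", "SESSION_TOKEN",
                             'smart_action="all-accept"', "2024-09-16 09:42:38",
                             "2024-12-25 09:42:38", sleep=lambda s: None))
```

Reading 'matched-logs' before 'progress-percent' reaches 100 would report 168115 here instead of 1507790, which matters when the count feeds a report or an alert threshold.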

 
